KB-783E
READY-TO-ASSEMBLE-LEGO1 06 — C1 Build Plan (Not Executed) — 2026-06-22
8 min read Revision 1
ready-to-assemble-lego1build-plannot-executedc1-canonical-operation-vocabularyregistration-hold2026-06-22
READY-TO-ASSEMBLE-LEGO1 06 — C1 Build Plan (Not Executed) — 2026-06-22
Gate: REGISTRATION_HOLD · REGISTRATION_CAN_PROCEED = NO · 0 runtime mutations.
Plan ID (design-only label, not a runtime row): LEGO1-C1-CANOPVOCAB-PLAN-2026-06-22.
Rule: No write command in this plan may be run by this macro. Every command is labelled READ_ONLY_ALREADY_RUN / WRITE_PLANNED_NOT_RUN / DRY_RUN_PLANNED_NOT_RUN / UNKNOWN_RISK_NOT_RUN. All WRITE_PLANNED_NOT_RUN commands execute only later, behind Gate B + an exact-scoped Chairman token (file 11), in the authorized C1 lane.
1. Exact surfaces likely to change (at build time)
| Surface | Change kind | Notes |
|---|---|---|
directus.public.governance_canonical_operation_vocab |
CREATE TABLE (new) | the C1 carrier table (file 04 §1 schema); does not exist today |
| same table | INSERT governed value rows | each value its own governed entry; values not invented here |
governance_audit_log (or per-row audit_ref) |
INSERT audit entries | birth + each value-admission audited |
governance_build_authorization |
read + consume one auth row | the Chairman/build token authorizing this lane (file 11); consumed_at/by set by the authorized executor |
AgentData KB …/reports/lego1-c1-build/ |
WRITE evidence reports | build evidence (file 10) |
Not touched: governance_object_ownership, approval_requests, apr_*, dot_operations, any register_dot path, C2/C3/C4/C5/C6/C7 surfaces.
2. Step order (build, NOT executed)
| Step | Action | Command class |
|---|---|---|
| S0 | Re-run read-only preflight (file 09) and confirm current state | READ_ONLY_ALREADY_RUN pattern; rerun DRY_RUN_PLANNED_NOT_RUN at build time |
| S1 | Confirm Gate B satisfied + valid exact-scoped Chairman/build-authorization row present and unconsumed (file 11) | READ_ONLY_ALREADY_RUN (today: 0 rows ⇒ NOT satisfied) |
| S2 | DDL: CREATE TABLE governance_canonical_operation_vocab (…) per file 04 §1 |
WRITE_PLANNED_NOT_RUN |
| S3 | DDL: add constraints (PK operation_code, status check, successor FK self-ref, NOT NULL governing_authority_ref) |
WRITE_PLANNED_NOT_RUN |
| S4 | Verify-only: introspect the new table read-only; run check fixtures against an empty table | DRY_RUN_PLANNED_NOT_RUN |
| S5 | DML: INSERT governed value rows, one governed entry per value (values determined in build, not invented here) | WRITE_PLANNED_NOT_RUN |
| S6 | INSERT audit entries for birth + each value admission | WRITE_PLANNED_NOT_RUN |
| S7 | Run the full check/test/adversarial matrix (file 07) read-only against the populated table | DRY_RUN_PLANNED_NOT_RUN |
| S8 | Write build evidence + readback (file 10); mark the Chairman/build-authorization row consumed |
WRITE_PLANNED_NOT_RUN |
3. Exact later commands (templates — WRITE_PLANNED_NOT_RUN)
The following are templates only, shown so no further preparation is needed; they are not executed here and must be re-validated against the live preflight at build time.
-- S2/S3 (WRITE_PLANNED_NOT_RUN): create the C1 carrier table
CREATE TABLE governance_canonical_operation_vocab (
operation_code text PRIMARY KEY,
protocol_version text NOT NULL,
act_type text NOT NULL,
status text NOT NULL CHECK (status IN ('active','superseded','retired')),
successor_code text NULL REFERENCES governance_canonical_operation_vocab(operation_code),
governing_authority_ref text NOT NULL,
rollback_ref text NULL,
created_at timestamptz NOT NULL DEFAULT now(),
created_by text NOT NULL,
superseded_at timestamptz NULL,
superseded_by text NULL
);
-- S5 (WRITE_PLANNED_NOT_RUN): admit ONE governed value (value chosen in build, governed entry)
INSERT INTO governance_canonical_operation_vocab
(operation_code, protocol_version, act_type, status, governing_authority_ref, created_by)
VALUES (:operation_code, :protocol_version, :act_type, 'active', :governing_authority_ref, :executor);
-- S4/S7 (DRY_RUN_PLANNED_NOT_RUN): read-only verification
query_pg(directus, "SELECT count(*) FROM governance_canonical_operation_vocab");
query_pg(directus, "SELECT operation_code,status,successor_code FROM governance_canonical_operation_vocab ORDER BY operation_code");
pg_schema(directus, schema='public', table='governance_canonical_operation_vocab');
4. Preconditions (all must hold before any S2+ write)
- Gate A baseline accepted (this package reviewed/accepted).
- Gate B satisfied for the named C1 lane (file 11) — including independent plan review.
- A valid, exact-scoped, unconsumed Chairman/build-authorization row in
governance_build_authorizationscoped toLEGO1-C1-CANOPVOCAB-PLAN-2026-06-22(today: 0 rows ⇒ precondition FALSE). - Live preflight (file 09) PASS at build time.
- No runtime mutation observed during review (else
RUNTIME_MUTATION_REJECTED, RBP-0).
5. Postconditions (after build)
governance_canonical_operation_vocabexists; every value isactive/superseded/retiredwith audit + governing authority.- No effect of the build reaches C2/C3/owner/approval/
register_dot(locality, I9). - Build evidence + readback written (file 10); Chairman/build-authorization row
consumed. REGISTRATION_HOLDstill governs registration/activation/P3 (the C1 build does not clear it).
6. Expected diff shape
- +1 table (
governance_canonical_operation_vocab), +N value rows (N governed values), +N+1 audit rows, 1 build-authorization row consumed. - 0 changes to any other carrier/table; 0
register_dot; 0 owner rows; 0 approval rows. - Any diff beyond this shape ⇒ stop and reject (scope drift /
ROLLBACK_NOT_LOCAL/LEGO_BOUNDARY_INSUFFICIENT).
7. Dry-run alternatives
- Schema dry-run: create the table in a disposable schema or the
pg-restore-test-…instance (file 02 §2) and run the matrix read-only; discard. - Logic dry-run: run the check/lookup fixtures (file 07) against an in-memory/empty table to prove the admission rule and forward-fail-closed behavior before any production INSERT.
- Both are
DRY_RUN_PLANNED_NOT_RUN.
8. Rollback trigger points
| Trigger | Action (file 08) |
|---|---|
| Any S-step diff exceeds §6 shape | abort; do not proceed; investigate scope drift |
| A value is found to be authority-named (not a pure operation) | retire that value (RBP-8-safe), keep resolvable, record successor/rollback_ref |
| Preflight FAIL at S0 | STOP before any write |
| Chairman/build-authorization row absent/expired/revoked/wrong-scope | STOP (G2_EXECUTION_REQUIRES_SEPARATE_AUTHORIZATION / CHAIRMAN_AUTHORIZATION_SCOPE_MISMATCH) |
| Runtime mutation observed in review | RUNTIME_MUTATION_REJECTED (RBP-0) |
9. Command-label ledger (this macro)
| Command | Label |
|---|---|
| All file-02 discovery queries | READ_ONLY_ALREADY_RUN |
| S2/S3/S5/S6/S8 writes | WRITE_PLANNED_NOT_RUN |
| S0/S4/S7 verifications | DRY_RUN_PLANNED_NOT_RUN |
| Exact later DDL/DML strings | WRITE_PLANNED_NOT_RUN |
| (none) | UNKNOWN_RISK_NOT_RUN — no command of unknown risk is planned; all are classified |
No write command was executed by this macro.
10. Boundary attestation
This file is a build plan at design level. It creates no carrier, writes no row, opens no P2/lane, executes no DDL/DML, and clears no blocker. REGISTRATION_HOLD retained; REGISTRATION_CAN_PROCEED = NO; 0 runtime mutations; I1–I10 not weakened.